Ivan Kalik wrote:
Yeah,that's what I'm doing. The problem is that the retries are not
being sent to a different home server (or any home server). They are
being dropped as retransmits because internally, freeradius is
tracking that no reply was sent to them earlier. I have tried
treaking cleanup_delay to 0 or 1 to flush these out sooner, but it
does not work -- they do not appear to be tracked the same way as
normal responses. Here are the debug messages from radiusd -X:
rad_recv: Access-Request packet from host 127.0.0.1 port 47163,
id=155, length=59
Ignoring retransmit from client SERVERS port 47163 - ID: 155, no reply
was configured
Yes, length of that is controlled by response_window. Server will ignore
retransmits while waiting for response. If you shorten response_window
home server will be marked as zombie faster.
I must be missing something, because even after the home_server has been
marked as a zombie, the proxy is still ignoring the retransmits.
Furthermore, it's taking much longer than the response_window for the
home_server to be marked as a zombie.
I have a response_window of 1, trying to force the home_server to be
marked zombie as fast as possible. Here are the log messages (I've
stripped out test packet contents) for the three client attempts using
radtest, which sends 3 packets for a total processing time of 15 seconds:
rad_recv: Access-Request packet from host 127.0.0.1 port 39091, id=56,
length=59
+- entering group authorize {...}
++[control] returns notfound
+- entering group pre-proxy {...}
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
Sending Access-Request of id 175 to xxx.xxx.xxx.12 port 1812
Proxying request 0 to home server xxx.xxx.xxx.12 port 1812
Sending Access-Request of id 175 to xxx.xxx.xxx.12 port 1812
Going to the next request
Waking up in 0.9 seconds.
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 39091, id=56,
length=59
Sending duplicate proxied request to home server xxx.xxx.xxx.12 port
1812 - ID: 175
Sending Access-Request of id 175 to xxx.xxx.xxx.12 port 1812
Rejecting request 0 due to lack of any response from home server
xxx.xxx.xxx.12 port 1812
Found Post-Proxy-Type
+- entering group Fail {...}
++[control] returns noop
++- entering policy do_not_respond {...}
+++[control] returns noop
+++[handled] returns handled
++- policy do_not_respond returns handled
Going to the next request
PROXY: Marking home server xxx.xxx.xxx.12 port 1812 as zombie (it looks
like it is dead).
Sending Status-Server of id 81 to xxx.xxx.xxx.12 port 1812
Message-Authenticator := 0x00000000000000000000000000000000
NAS-Identifier := "Status Check. Are you alive?"
Waking up in 3.9 seconds.
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 39091, id=56,
length=59
Ignoring retransmit from client SERVERS port 39091 - ID: 56, no reply
was configured
Waking up in 2.9 seconds.
Sending Status-Server of id 37 to xxx.xxx.xxx.12 port 1812
Message-Authenticator := 0x00000000000000000000000000000000
NAS-Identifier := "Status Check. Are you alive?"
Waking up in 3.9 seconds.
Waking up in 1.6 seconds.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
